Serving Harris, Brazoria, Fort Bend, Montgomery and Galveston Counties
HOUSTON
Volume 13 | Issue 1
Inside This Issue
Christopher Flowers, M.D,. receives ASH Mentor Award See pg. 8
INDEX Oncology Research......... pg.3 Mental Health...................... pg.4 Healthy Heart....................... pg.6 Financial Forecast.............pg.11
January Edition 2023
A Cyber-Attack Checklist: TEN Things Health Care Professionals Can Do to Respond to a Cyber Attack
By Iliana L. Peters, JD Kayleigh S. Shuler, JD Polsinelli, PC
O
rganizations with comprehensive cybersecurity programs can (and do) fall victim to cyber-attacks by sophisticated cyber criminals. In any cyber-attack situation, your health care organization should consider the following issues throughout the process of containing and responding to such cyber incident, including the most prevalent form, ransomware. 1. Ident i f y Appr opr i at e Poi nt(s) of C ont act An organization must first determine who will be part of the incident response team. While IT team members will serve a vital role here, the incident response team will need to include others in the organization who have: (a) the ability to make legal decisions; (b) knowledge of business workflows and the short and long term effects of disruptions; and (c) knowledge of the organization’s communication strategy. 2. “Stop the Bleeding” (Identify, Triage, Cont ain, Eradicate) The organization should immediately attempt to determine the vectors and scope of the attack. IT should take steps to contain the spread of the incident and determine the best next steps to prevent further business interruption. While systems may
be taken offline or sandboxed during this effort, absolutely no systems or devices should be wiped or otherwise cleaned of any data, until legal counsel has authorized
Do not wait until a cyber-attack actually occurs to practice responding—engage legal counsel now
Houston Methodist Woodlands Completes 100th TAVI (TAVR) Procedure See pg. 12
and directed such activities. 3. Preserve Evidence Containment efforts must be implemented quickly, but also carefully. Kneejerk decisions to “wipe” or “erase” machines to stop an attack can inadvertently “wipe” and “erase” the criminal’s tracks, including critical log data and other important forensic evidence, making it difficult (if not impossible) to later understand how, when, and what the criminal did. 4. Cont act Cyber Insurer An organization should promptly
notify its cyber insurer regarding coverage evaluation. 5. Engage O ut side Counsel Organizations should bring in legal counsel with expertise in responding to cyber incidents. Outside counsel provides significant insight into responding to cyberattacks, while ensuring the best protection for attorney-client privilege. 6. Engage Forensic Vendor through Counsel Outside counsel should engage the forensic firm to support the position that the work is done under the protection of attorney-client privilege. 7. Determine Scope The investigation should specifically address whether the criminal both accessed (e.g., viewed) or acquired (e.g., downloaded or exfiltrated) data, as access alone creates legal obligations pursuant to many state and federal laws. The investigation should further determine all of the identifiers for any individuals (e.g., patients, beneficiaries, employees, donors, research subjects, etc.) whose data may be involved in the see TEN Things...page 14
PRSRT STD US POSTAGE PAID PERMIT NO 1 HOUSTON TX